this error log when i tried to connect winxp client to the Linux VPN server...<br> <br>Nov 12 14:19:45 vpnserver pluto[6284]: packet from <a href="http://219.93.36.194:31764">219.93.36.194:31764</a>: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000 004]<br>
Nov 12 14:19:45 vpnserver pluto[6284]: packet from <a href="http://219.93.36.194:31764">219.93.36.194:31764</a>: ignoring Vendor ID payload [FRAGMENTATION]<br>Nov 12 14:19:45 vpnserver pluto[6284]: packet from <a href="http://219.93.36.194:31764">219.93.36.194:31764</a>: received Vendor ID payload [draft-ietf-ipsec-nat-t-ik e-02_n] method set to=106<br>
Nov 12 14:19:45 vpnserver pluto[6284]: packet from <a href="http://219.93.36.194:31764">219.93.36.194:31764</a>: ignoring Vendor ID payload [Vid-Initial-Contact]<br>Nov 12 14:19:45 vpnserver pluto[6284]: "roadwarrior-l2tp"[2] <a href="http://219.93.36.194">219.93.36.194</a> #2: responding to Main Mode from unknown peer 219. 93.36.194<br>
Nov 12 14:19:45 vpnserver pluto[6284]: "roadwarrior-l2tp"[2] <a href="http://219.93.36.194">219.93.36.194</a> #2: transition from state STATE_MAIN_R0 to state S TATE_MAIN_R1<br>Nov 12 14:19:45 vpnserver pluto[6284]: "roadwarrior-l2tp"[2] <a href="http://219.93.36.194">219.93.36.194</a> #2: STATE_MAIN_R1: sent MR1, expecting MI2<br>
Nov 12 14:19:46 vpnserver pluto[6284]: "roadwarrior-l2tp"[2] <a href="http://219.93.36.194">219.93.36.194</a> #2: NAT-Traversal: Result using draft-ietf-ipsec-n at-t-ike-02/03: peer is NATed<br>Nov 12 14:19:46 vpnserver pluto[6284]: "roadwarrior-l2tp"[2] <a href="http://219.93.36.194">219.93.36.194</a> #2: transition from state STATE_MAIN_R1 to state S TATE_MAIN_R2<br>
Nov 12 14:19:46 vpnserver pluto[6284]: "roadwarrior-l2tp"[2] <a href="http://219.93.36.194">219.93.36.194</a> #2: STATE_MAIN_R2: sent MR2, expecting MI3<br> Result using draft-ietf-ipsec-n at-t-ike-02/03: peer is NATed<br>
<br><br><br><br>Nov 12 14:20:56 vpnserver pluto[6284]: "roadwarrior-l2tp"[2] <a href="http://219.93.36.194">219.93.36.194</a> #2: max number of retransmissions (2) reached STATE_MAIN_R2<br>Nov 12 14:20:56 vpnserver pluto[6284]: "roadwarrior-l2tp"[2] <a href="http://219.93.36.194">219.93.36.194</a>: deleting connection "roadwarrior-l2tp" instance with peer <a href="http://219.93.36.194">219.93.36.194</a> {isakmp=#0/ipsec=#0}<br>
<br><br>this is my ipsec.conf configuration..<br><br># basic configuration<br>config setup<br> # plutodebug / klipsdebug = "all", "none" or a combation from below:<br> # "raw crypt parsing emitting control klips pfkey natt x509 private"<br>
# eg: plutodebug="control parsing"<br> #<br> # ONLY enable plutodebug=all or klipsdebug=all if you are a developer !!<br> #<br> # NAT-TRAVERSAL support, see README.NAT-Traversal<br>
nat_traversal=yes<br> virtual_private=%v4:<a href="http://10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12">10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12</a><br> #<br> # enable this if you see "failed to find any available worker"<br>
nhelpers=0<br><br># Add connections here<br><br>conn %default<br> keyingtries=5<br> compress=yes<br> disablearrivalcheck=no<br> authby=rsasig<br> leftrsasigkey=%cert<br> rightrsasigkey=%cert<br><br>conn roadwarrior-net<br>
leftsubnet=<a href="http://0.0.0.0/0">0.0.0.0/0</a><br> also=roadwarrior<br><br>conn roadwarrior-all<br> leftsubnet=<a href="http://0.0.0.0/0">0.0.0.0/0</a><br> also=roadwarrior<br><br>#conn roadwarrior<br> # left=%defaultroute<br>
# leftcert=host.example.com.pem<br> # right=<a href="http://60.51.211.53">60.51.211.53</a><br> # rightsubnet=vhost:%no,%priv<br> # rightsubnet=<a href="http://0.0.0.0/0">0.0.0.0/0</a><br> # auto=add<br> # pfs=yes<br>
conn roadwarrior-l2tp<br> type=transport<br> left=<a href="http://219.93.36.214">219.93.36.214</a><br> leftcert=host.example.com.pem<br> leftprotoport=17/1701<br> right=%any<br> rightsubnet=<a href="http://192.168.1.0/24">192.168.1.0/24</a><br>
rightprotoport=17/1701<br> pfs=no<br> auto=add<br>#conn roadwarrior-l2tp-oldwin<br># left=%defaultroute<br># leftcert=host.example.com.pem<br># leftprotoport=17/0<br># right=<a href="http://60.51.211.51">60.51.211.51</a><br>
# rightprotoport=17/1701<br> # rightsubnet=vhost:%no,%priv<br># rightsubnet=<a href="http://0.0.0.0/0">0.0.0.0/0</a><br># pfs=no<br># auto=add<br><br>conn block<br> auto=ignore<br><br>conn private<br> auto=ignore<br>
<br>conn private-or-clear<br> auto=ignore<br><br>conn clear-or-private<br> auto=ignore<br>conn clear<br> auto=ignore<br><br>conn packetdefault<br> auto=ignore<br><br># sample VPN connections, see /etc/ipsec.d/examples/<br>
<br>#Disable Opportunistic Encryption<br>#include /etc/ipsec.d/examples/no_oe.conf<br><br><br><br><br>